Google’s “Do No Harm, Only Good” Philosophy Proves Itself

No matter how much the European Commission wants the world to believe that Google Inc. (NASDAQ: GOOG) has a monopoly on search, at least in Europe, and how much software experts believe that its Android operating system has seized control of the smartphone OS universe, the huge American tech giant does demonstrate its self-proclaimed “goodness” ethical position from time to time.

Most recently, Google says it has protected its Gmail users from countless spam attacks and attempts by evil doers to seize the identities of account holders. It should make the balance of the world’s e-mail users want to migrate their service to Google.

The latest edition of the Google Official Blog points out:

To improve their chances of beating a spam filter by sending you spam from your contact’s account, the spammer first has to break into that account. This means many spammers are turning into account thieves. Every day, cyber criminals break into websites to steal databases of usernames and passwords — the online “keys” to accounts. They put the databases up for sale on the black market, or use them for their own nefarious purposes. Because many people re-use the same password across different accounts, stolen passwords from one site are often valid on others.

With stolen passwords in hand, attackers attempt to break into accounts across the web and across many different services. We’ve seen a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time. A different gang attempted sign-ins at a rate of more than 100 accounts per second. Other services are often more vulnerable to this type of attack, but when someone tries to log into your Google Account, our security system does more than just check that a password is correct.

Google’s solution:

Every time you sign in to Google, whether via your web browser once a month or an email program that checks for new mail every five minutes, our system performs a complex risk analysis to determine how likely it is that the sign-in really comes from you. In fact, there are more than 120 variables that can factor into how a decision is made.

If a sign-in is deemed suspicious or risky for some reason — maybe it’s coming from a country oceans away from your last sign-in — we ask some simple questions about your account. For example, we may ask for the phone number associated with your account, or for the answer to your security question. These questions are normally hard for a hijacker to solve, but are easy for the real owner. Using security measures like these, we’ve dramatically reduced the number of compromised accounts by 99.7 percent since the peak of these hijacking attempts in 2011.

While Google’s points may seem to be a bit of promotion, and Gmail may be no better at thwarting hijacking attempts than Microsoft Corp.’s (NASDAQ: MSFT) or Aol Inc.’s (NYSE: AOL) email, the search company has offered a little comfort in a world in which the Chinese military can hack almost any website or secure Internet destination in the world, including those of some U.S. government agencies and many huge American corporations. Maybe Google should be enlisted front and center to battle the Chinese, even if it is to the death.